Malicious code in cindy-tomat8-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6bf6116f4e63e0fca65943d0ac151091f1d3a9da54ba2b2908e83165e8fb595 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-135622 Malicious code in mulyono-lapis6-sumpek (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4a66d89427a3b702b95490344253a8d3e02ab812135225ed6eaf2b424199923 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-125279 Malicious code in candra-gandul87-wekto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7920265d8da37c607a063e66f7285cd617a4a52d23bbb82694169327ba73b4d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in riana-mendoan14-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf5162b6089ab1a9608e6ca7ad1ce5c8bdd83d6d90157cab68ab31e96b208cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in irma-mendut67-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4566d06862db9545a90ccaf01d644451b0da0831133f16bbd06829ab2ee83506 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-126810 Malicious code in gita-dodol79-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f36d33e39767e6992631a3f8fff6755828bdc729d07ad0ff4d51d18b4c30af6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zain-kue72-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6242a27dc812ec7887bde0006f9b01812e9c9ad7a96baa1ba86f7fc2dc0fb7eb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-122666 Malicious code in putri-kolak54-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a417c49e4081c3db52f725c85080fae0c6e99e086979b3b15db9f763060afd9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-120730 Malicious code in indah-empal31-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0336095475b4ca2a80bd199dc2c7a1a6a6610bc75957921fe4ad1292d6bc3a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-118683 Malicious code in amazing_snail_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91e1bec6113f65ffbc152413a1912a46b141e1e13d9196ad9219e724593bd1bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-119411 Malicious code in dewanto-lodeh67-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8326b2f30995861749e7d0f3390aa653318a20bd9f062f89c406cb0087e257b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in satisfactory_goose_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b7959100b0f8185ef401f570e6fb1acc53570d0b53f65a79df7109fb86e1a81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-113839 Malicious code in fajar-bakwan63-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb5ebd5d6e763e8c2b4bc7ff22b7be9e0899b70c2dac60167c04d450863d6d90 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hanafi-jengkol9-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 070d58d893c0508c8e47a1afc3469716916abb03ee06f4bf56fb5ace6fa2bfbf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CISO's Expert Guide To AI Supply Chain Attacks

AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here. TL;DR AI-enabled supply chain attacks are exploding in scale and...

Cisco Finds Open-Weight AI Models Easy to Exploit in Long Chats

Cisco’s new research shows that open-weight AI models, while driving innovation, face serious security risks as multi-turn attacks, including conversational persistence, can bypass safeguards and expose data...

kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466)

In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer usin...

linux-pam: Linux-pam directory Traversal

A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...

kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466)

In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer usin...

Malicious code in violent_cobra_emerald-6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 894b1cd630dd85385aeb6cb89ea36ec3bcbe44597561ad747718279bcfa356d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...